Category: Cyber

On the morning of October 24th, a new ransomware attack named BadRabbit began spreading through Russia, Ukraine, and, on a smaller scale, Germany and Turkey. Among the affected networks were Ukraine’s Ministry of Infrastructure, Kiev’s public transportation system, the Russian news service Interfax and others.

It seems that the attack is based on user deception, rather than exploitation of a vulnerability. While a user is browsing a legitimate Russian news site, the user is redirected to a site controlled by the attackers (a watering hole attack). This site prompts the victim to download and install a bogus Adobe Flash installer file, through which the user unknowingly infects his or her own machine. In other words, the user must initiate the ransomware’s activation, as it does not activate automatically.

KELA Targeted Cyber Intelligence is a leading provider of targeted cyber intelligence, based in Tel Aviv, Israel. We specialize in providing our clients with intelligence about cyber threats that are specifically targeting them (exposed IT systems, breached employee credentials, product vulnerabilities, etc.). We do this using the RaDark technology that we’ve developed – an automated cloud-based technology, which uses custom-built web crawlers to continuously monitor Darknet sources. In addition, our defense-force-trained intelligence analysts provide tailored reporting and incident response services, acting as a real-time extension of the clients’ team. Our intelligence is used by some of the world’s largest banks, telecoms, auto manufacturers and more.

Cyber criminals and their techniques evolve at nearly the same pace as the available technology. As 3D printing technology advances, scammers no longer need to find creative ways to manufacture their tools – now they can print them in the comfort of their own homes.

Credit card skimmers are not new to the cyber criminal world (a few great examples can be seen in Krebs on Security). These are devices that cyber criminals attach over the original card readers on ATMs to collect financial information for fraudulent use. As a card passes through it, the skimmer reads the card’s magnetic stripe, collecting information. While skimmers most often consist of only the card reader itself, they can also be used in tandem with a small camera or a keypad overlay to capture the customer’s PIN code. Thus, fraudsters can obtain data from hundreds or even thousands of credit cards per day.

Recently, Kela has been helping more and more clients in Japan deal with the increasing cyber threats facing them. Kela has performed several successful deployments in Japan, using the automated RaDark system to continuously scan Dark Net sources and alert clients about threats targeting their organizations.

Read about Kela’s activities and the Japan market situation in a recent article that was published in the Nikkei Asian Review.

Following the WannaCry attack, Kela Targeted Cyber Intelligence has created this video to give our clients a clear explanation of how to use the RaDark system to detect vulnerabilities related to this and similar attacks.

Tonight on i24 News, KELA Targeted Cyber Intelligence’s COO, Mr. Yakir Bechler, explained the recent attempt at a broad attack on Israeli targets. This coordinated attack was exposed by Israel’s Cyber Defense Authority. The threat actor used spear-phishing against specific Israeli targets, aiming to inject malware that exploits a vulnerability in Microsoft Office (CVE-2017-0199). For now, it seems the attackers were successful in breaching two Israeli entities (one research institute and one commercial entity), and continued attacking more targets using the compromised machines.

The RaDark technology, developed by KELA Targeted Cyber Intelligence, provides our clients with intelligence about threats specifically targeting them, allowing them to stay one step ahead of threat actors.

This interesting USA TODAY article demonstrates how threat actors and terrorists use the Dark Web to plan attacks in an encrypted environment. In the Dark Web forums, they collaborate and share methods of avoiding law enforcement surveillance when planning a physical or a cyber attack.

This strategy prevents law enforcement from using traditional surveillance technologies on known threat actors. As the article says: “Deeper and harder to get at is what’s known as the Dark Web, the hidden portion of the Internet that’s only available through specialized browsers. It’s not really a single entity but instead thousands of sites, most encrypted and all available only to those with information about how to find them and how to access them.”

KELA Targeted Cyber Threat Intelligence’s RaDark has access to the deepest, encrypted corners of the Dark Web, and provides targeted, actionable intelligence to prevent the next attack.